Jailbreaking has been in the news lately largely because of the very public online iPhone jailbreaking tool that uses vulnerabilities in the iOS platform.
Initial security concerns were raised due to the discovery of a loophole that was used by the jailbreaking tool. Whether people should jailbreak their devices or not, however, is in itself a good question.
What Is Jailbreaking?
First, a definition. Jailbreaking is the act of modifying a device to allow it to run unsigned and thus unauthorized code that does not normally do so. For Apple’s iOS devices, this means that users can download and run applications from sources other than the official App Store. They can also modify or add features to their jailbroken devices.
In theory, Apple reviews applications before they are posted on the App Store. No means of app review and signing appears to be done on apps in Cydia, a common alternative app store for jailbroken iOS device users. This means that applications are free to exhibit malicious behaviors, as is the case with Windows-based systems.
Was it really a good or necessary move for jailbreakers to use such a serious vulnerability to get what they want? Previous jailbreaks have not had the serious security implications this last one had. Since jailbreaking has now been legalized, more users may consider this option. However, the more security-conscious may wonder if increased consumer choice is all that the jailbreakers are interested in or if they are also interested in spreading malware.
Jailbreaking for Competition?
For consumers, competition in the form of alternative app stores is a good thing. Let’s look at the current situation: Apple controls all aspects of iOS devices; it makes and sells the hardware and software and completely controls the means to distribute them. The reaction if Apple’s competitors had the same level of control will be different.
As a consumer, freer choice is a good idea. However, the way choices are made available has to be both ethical and legal. The reality, however, is that Apple created the platform and locked it down fairly thoroughly. It chose to do so. Whether it is willing to let third parties create their own app stores for its device users or not is an entirely different matter.
Of course, the value of Apple’s app review is not clear as well. A more complete security review of the iOS platform should have been able to see the vulnerability that was exploited earlier. Even some applications have had hidden functionality like tethering, which was discovered after passing Apple’s app review process. So it may also be good to ask if Apple can really say that it reviews all applications for both malicious content and vulnerabilities.
In the end, there is no single answer to the question this blog entry poses. Users have to go into it with eyes wide open because jailbreaking brings both advantages and risks. What’s right for one person may not be right for someone else but the security implications of jailbreaking must be clear to anyone who chooses to jailbreak his/her device.